Mobile Application Penetration Testing

Is my app safe?

Standards & Certifications

Are you sure about the right tests for your app?

You are probably familiar with mobile application testing standards such as OWASP MASTG and there may be good reasons in your case to stick to a specific standard. You may also need security certificates such as DIGA or ISO27001 for your app.
You may not (yet) know exactly which test scope and which procedure is suitable in your specific case: Is it sufficient to test just the app itself, or should, for example, a compromised mobile device and its effects on the security of your app also be simulated?

ProSec has a team of experts ready to assist you in every scenario. They will take a personalized approach to assess your app and your business, working with you to determine the most suitable process and scope for Mobile Application Penetration Testing in your specific case. It doesn't matter whether your app is native or hybrid, developed for a single target platform, or built as a Cross-Platform App using tools like Flutter.

Count on our security support to bolster your app's defenses professionally and establish long-lasting resilience against hacking attacks.

Individual and holistic

As standard as necessary, as tailored as possible.

Our expertise allows us to tailor our approach to your specific needs, rather than rigidly adhering to predefined standards. We design our own customized protocols that align perfectly with our clients' requirements.
Where it makes sense, we naturally adhere to established standards, enabling us, for instance, to issue the necessary certificates for you.
We provide context-relevant designs for DIGA, ISO27001, and various other certificates.
The individual coordination of the test procedure also includes a possible re-test. You can use it to ensure that you have successfully processed all the findings of the first test.

Holistic Mobile Application Penetration Testing

While performing penetration tests, we always look at the "Big Picture".

When it comes to Mobile Application Testing, we extend our assessment to cover the risk of physical theft. This involves auditing the mobile device and identifying potential attack vectors that are relevant to the app.

In our technical assessment, we examine both the static and dynamic elements of your app. For instance, we check whether the source code unintentionally includes credentials and identify any vulnerabilities in the communication between the app and the API.

More specifically, the technical facet of our Mobile Application Penetration Testing involves the following elements:

  • Runtime Injections & Runtime Analysis
  • Input Validation & Injection Flaws
  • Local/External Storage Analysis & Permission Flaws
  • SQLite & Database Analysis
  • Test of the cryptographic functions
  • Authentication and session management
  • Holistic view of the APIs

The technical level of our Mobile Application Penetration Testing includes static and dynamic aspects.

Realistic Mobile Application Penetration Testing:

Our assessment of your app is conducted with a hacker's mindset.

Our approach to all penetration tests is rooted in realism, mimicking the tactics of malicious hackers. Our foremost objective is to safeguard your company and your app's users from these hackers, prioritizing practical security over meeting certificate requirements.
Our methodology is as simple as it is efficient: we install your app on our devices, interact with it, and proactively seek out potential weaknesses. This process helps us pinpoint the specific attack paths that could be targeted by hackers in your particular context.

If your developers have inadvertently left credentials in the source code, we'll discover them.

If sensitive files are stored unencrypted on the mobile device when your app is used, we will find them.

If your app has permission deficits, we'll find them.

If there's no encryption in your app's communication, we'll discover it.

If your app sends insecure requests to the API, we'll locate them and widen our attack scope to cover these endpoints.

We identify the vulnerabilities within your app and assist you in addressing them.

It's never too late for Mobile Application Penetration Testing

Have you just developed a new app and want to ensure the safety of your users and their data before the release? Or does your company offer an app that has been in development for a while, and you're wondering if there might be security risks?

There's no better means of defense against attacks via this route than Mobile Application Penetration Testing!

Should any of our standard inquiries reflect your current circumstances, please feel free to contact us for a relaxed introductory discussion!
We have a custom-developed website for communicating with our customers. To streamline usage, we've created Android and iOS applications that display our website within a webview. To ensure that there are no errors or omissions in the app's development or implementation before its release, I would like to have the apps reviewed.
With the help of a mobile application, we offer our customers the opportunity to transmit sensitive data to us. We offer both an Android and an iOS application. However, the two applications were developed by different groups of people. The iOS application was developed several years ago, and there is no longer anyone in the company who was involved in its development. In order to make sure that we provide our customers with a secure platform for data exchange, I would like to have the development of the iOS application checked.